Travis CI Dynamic Stormpath Configuration
Travis CI runs the test suite in the Java SDK.
In order for the integration tests to run, Travis must be able to connect to Stormpath tenants. In particular, the tests require one tenant that is configured to support many applications and one tenant that is configured to support only a single application (the default when you first create a new tenant).
Ordinarily, these settings would be fixed in the .travis.yml file. However, it is convenient to be able to have Travis target different tenants for different runs. For instance, you may be working on an experimental branch that you want to have Travis run against a locally running instance of the Stormpath backend. Or you may want Travis to run against tenants in the Enterprise Cloud or a Private Deployment, rather than the Community Cloud.
Travis CI now has the ability to be configured in a dynamic way without having to make changes to the stormpath-sdk-java project.
- An encrypted file of global settings is retrieved from a publicly available website.
- Travis decrypts this file and exports its settings into the environment.
- A shell script containing author information is retrieved from a publicly available website.
- Based on who the author of the last commit is, an encrypted file of Stormpath settings is retrieved from a publicly available website.
- Travis decrypts this file and exports its settings into the environment.
- The build proceeds and the tests are run against the author-specified Stormpath environment.
Travis creates private keys on a per-project and per-user basis. That is, if I encrypt a file using the travis tools in the stormpath-sdk-java project, a new private key is set up, bound to my Travis account AND the stormpath-sdk-java project.
That's why at the beginning of a travis run, you see output like this:
$ export encrypted_da634cfd642b_key=[secure]
$ export encrypted_da634cfd642b_iv=[secure]
$ export encrypted_0b7f5d43be1f_key=[secure]
$ export encrypted_0b7f5d43be1f_iv=[secure]
That indicates that two different users have created encrypted files in the stormpath-sdk-java project. This is indicated by the identifiers 0b7f5d43be1f and da634cfd642b.
When you encrypt a file, travis outputs this identifier to you. This will become important later when configuring your author settings.
The stormpath_authors.sh file contains information about each author that is authorized to commit to the stormpath-sdk-java project. An author section looks like this:
[email protected]|[email protected])
AUTHOR=micah
ENCRYPT_KEY=$encrypted_0b7f5d43be1f_key
ENCRYPT_IV=$encrypted_0b7f5d43be1f_iv
;;
The first line contains all the email addresses that an author uses when committing to GitHub. This is important because, early in the build process, the Travis script extracts the email from the latest commit of the branch being built.
The second line is a single author identifier that corresponds to a folder name on the website that serves these files.
The third and fourth lines are what allow Travis to decrypt your personal settings file. They use the id you are given when you run the travis encrypt command (more on that below).
The stormpath_env.sh file contains your Stormpath environment settings. In most cases, this will be a pre-defined set of tenants in the Community Cloud that all the developers will use. It is here that you can customize these settings.
The file must contain these settings:
STORMPATH_CLIENT_BASEURL=
STORMPATH_API_KEY_ID=
STORMPATH_API_KEY_SECRET=
STORMPATH_API_KEY_ID_TWO_APP=
STORMPATH_API_KEY_SECRET_TWO_APP=
STORMPATH_TEST_APPLICATION_HREF=
export STORMPATH_CLIENT_BASEURL STORMPATH_API_KEY_ID STORMPATH_API_KEY_SECRET STORMPATH_API_KEY_ID_TWO_APP STORMPATH_API_KEY_SECRET_TWO_APP STORMPATH_TEST_APPLICATION_HREF
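The build-time steps described above (pick the author section from the commit email, decrypt that author's file, export its settings), as an added example that is not the project's own script. The emails, the `alice` author and the `encrypted_aaaaaaaaaaaa_*` variables are constructed placeholders. Because everything in the bucket is public and `aes-256-cbc` carries no integrity check, the example accepts the decrypted file only if it holds nothing but the six required settings, so that nothing else gets sourced into the build.

```shell
#!/bin/sh
# Added example, not the project's script. Emails, the "alice" author and
# the encrypted_aaaaaaaaaaaa_* variable names are constructed placeholders.

REQUIRED="STORMPATH_CLIENT_BASEURL STORMPATH_API_KEY_ID STORMPATH_API_KEY_SECRET
STORMPATH_API_KEY_ID_TWO_APP STORMPATH_API_KEY_SECRET_TWO_APP STORMPATH_TEST_APPLICATION_HREF"

# Map a commit email to an author section, as stormpath_authors.sh does.
# Unknown emails fail instead of falling through to someone else's settings.
select_author() {
  case "$1" in
    alice@example.com|alice@users.noreply.example.com)
      AUTHOR=alice
      ENCRYPT_KEY=$encrypted_aaaaaaaaaaaa_key
      ENCRYPT_IV=$encrypted_aaaaaaaaaaaa_iv
      ;;
    *)
      AUTHOR=
      return 1
      ;;
  esac
}

# Decrypt with the command that travis encrypt-file prints (needs openssl).
decrypt_env() {  # $1 = input .enc file, $2 = output file
  openssl aes-256-cbc -K "$ENCRYPT_KEY" -iv "$ENCRYPT_IV" -in "$1" -out "$2" -d
}

# Accept the decrypted file only if every line is a NAME=value assignment for
# a required setting (or the export line) and all six settings are non-empty.
validate_env_file() {
  names=$(echo $REQUIRED | tr ' ' '|')
  if grep -Ev "^(($names)=[A-Za-z0-9:/._+=-]*|export( ($names))+)\$" "$1" | grep -q .; then
    return 1   # unexpected line: do not source this file
  fi
  for n in $REQUIRED; do
    grep -Eq "^$n=.+" "$1" || return 1
  done
}
```

In a build script, `. ./stormpath_env.sh` would run only after `validate_env_file stormpath_env.sh` succeeds.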
When your stormpath_env.sh file is ready to go, you encrypt it by following these steps:
- Copy the stormpath_env.sh file into your local stormpath-sdk-java project.
- Encrypt it with travis. You will need to have the Travis command line tool installed.

      travis encrypt-file stormpath_env.sh

  You'll see output like this:

      encrypting stormpath_env.sh for stormpath/stormpath-sdk-java
      storing result as stormpath_env.sh.enc
      storing secure env variables for decryption

      Please add the following to your build script (before_install stage in your .travis.yml, for instance):

          openssl aes-256-cbc -K $encrypted_0b7f5d43be1f_key -iv $encrypted_0b7f5d43be1f_iv -in stormpath_env.sh.enc -out stormpath_env.sh -d

  Notice the $encrypted_0b7f5d43be1f_key and the $encrypted_0b7f5d43be1f_iv references. Those will need to be updated in your section of the stormpath_authors.sh file.
- Upload the encrypted stormpath_env.sh.enc to your folder in the S3 bucket.
  All of the encrypted configuration files (as well as the author file and encrypted global configuration file) are stored in an Amazon S3 bucket that is exposed as a static website.
  The S3 bucket location is:

      stormpath-sdk-java-travis-setup.s3-website-us-east-1.amazonaws.com

  The stormpath_env.sh.enc file should be placed in the folder in the S3 bucket that matches the settings in the stormpath_authors.sh file.
  If you do not have direct access to the S3 bucket, simply email the encrypted file to [email protected]
  Note: never email the unencrypted stormpath_env.sh file as it has secret keys in it. Also, never upload the unencrypted file to the S3 bucket. Everything in the S3 bucket is publicly available.
- Very Important: Cleanup
  Delete BOTH the stormpath_env.sh and stormpath_env.sh.enc files from the stormpath-sdk-java project.
  NOTE: NEVER commit either of these files to the stormpath-sdk-java project. They are only in this location because travis needs to identify the GitHub project and the travis user in order to properly encrypt the file.